As previously mentioned, facebook released a new Graph API. It is based on OAuth 2.0 protocol (old authorization token also works). While it is fresh thing, there is no much ActionScript stuff around, so I came with FacebookOAuthGraph class. This class is meant to be used as an abstract class, while it contains just the basic authentication algorithm and call method to request data. It stores access token in SharedObject, so next time you came into app, you get connected on background without noticing (no popup etc.). Your token should expire in 24 hours.

callback.html pushes url hash into flash app. When running this application from desktop (creating/debugging), your callback.html located on public domain has no access to its opener (different domain – XSS), so you need to pass access_token manualy into <TextInput id=”hash”>, but once your flash application is on the same domain with callback, it works automaticaly.

Click connect and allow facebook application. Facebook redirects to callback.html that pastes hash into flash and closes popup. Now you are authenticated. Next time you visit this flash application (refresh this page) you will get authenticated in background (if your access token is still valid). Notice, some graph api calls returns JSON objects (me), other may return binary data (me/picture). For now it may take some time to finish calls (5 second or more), but I hope facebook will soon make it fast.

You get your JSON decoded data via event.data. Just make sure you do not try to decode ByteArray (eg. me/picture)

Based on facebook access token, it should be valid approximately for 24 hours. Notice the bold part, works as expiration time (unix time format). Use FacebookOAuthGraph.tokenToExpiration() to parse Date:

Important update: May 19, 2010: Application is working again. Due to massive support in bug tracker (thanks all for your votes), facebook devs changed secured crossdomain.xml, so it allows unsecured requests. changeStatus() method added into example and some minor changes in FacebookOAuthGraph class (please update).

Here is what happend and why this app was not working for a while:

May 11, 2010: facebook changed rules, so requests on unsecured graph service (via http://graph.facebook.com…) were limited to just those without access_token parameter. Requets to secured service (https://graph.facebook.com) resulted in security violation due to missing secure=”false” parameter in crossdomain.xml

How can I make this class do more advanced things and what are the best practices?

When I connect with this app in one browser (firefox), and I run another browser (chrome) I get automatically connected. Why?

Your authorization token is stored in SharedObject, that is OS-user persistent (eg. windows user). No matter what browser you run, all of those reads data from one SharedObject. If you need cookie or session persistent authorization, please extend my class and override methods that use SharedObject.

How to add request parameters into my call?

Pass URLVariables object as a second parameter to call() method:

// eg. in order to make this call "me/picture?type=large", do the following:
var data:URLVariables = new URLVariables();
data.type = "large"
call("me/picture", data);

Why I can not access me/photos?

Facebook has changed rules again. You also need “user_photo_video_tags” permission within your app. I have already added it into my app, so please remove your browser cache, refresh and click connect button again (even if you are connected already). Now it should work.

it should work ok, I have just tested it on 2 accounts. It may be required to grant more extended permissions (via scope = “publish_stream,user_photos,…”), but in this case it should work without change. Interesting, every URLLoader from FacebookOAuthGraph.call() method handles its IOErrorEvent, so I guess the error message is not from this application, and it may have been caused by drawing application on the top of this blog.

hi,
really thank you for the source!!
but i got an issue that i can resolve:
whan facebook call my callback.html (that is the same as your), i receive an error from firebug “flash.confirmFacebookConnection is not a function”. but “externalinterface.addcallback” is in your class…

i use the same technique as your to embed flash in html. and i’ve added Security.allowDomain(“…mydomain…”); to ensure privacy policy…

Kevin here again…
Thank you sooooooo much for making these classes available. I converted your Flex app into regular ol’ Flash and it worked without a hitch. The authentication is totally smooth and the code was concise and easy to understand. I was a little out of my depth there, trying to figure OAuth2.0 out myself, so you saved my ass. Big thanks!

finally I managed to reproduce your error. I put me/photos request into right text input that expects image bytes on return… FAIL
I created two text inputs there in my example. One is to return JSON string data the other to return binary data. The most of the calls return JSON (me, me/photos), but there are also some that returns binary data – e.g. bytes of profile picture (me/picture). In your case (me/photos) you expect JSON data (some list of urls and other stuff), please insert your request into left input field and click left call button.

In order to get logged users you have to use fql like:
SELECT uid, name, pic_small FROM user WHERE online_presence IN (‘active’, ‘idle’) AND uid IN (SELECT uid2 FROM friend WHERE uid1 = $MYUSERID)

hi Jk,
facebook service may be down or may timeout, however, my best recommendetaion is to use proxy software to watch all your requests/responds, that helps you with debugging a lot. Brilliant one is http://www.charlesproxy.com/ .

Thanks for putting the work into this – it’s really useful in trying to unravel the mess FB drop on us.

Seems that me/feed and me/home etc won’t work due to permissions – you’d need to add in read_stream as well most of the time, as the posts won’t be public. Facebook probably saw that you had this working so added that in to keep the fun going…

Hello Jozef, great stuff with the code and thanks for sharing it. I have tried to implement a flash version of it.
The thing is i get this error when i check my response to any calls made to me/whatever
{
“error”: {
“type”: “OAuthException”,
“message”: “You must use https:// when passing an access token”
}
}
My current scenario is facebook application running on facebook itself. so its not a desktop mode but website and developer mode on. I have also left out the hash portion of the mxml as confirmconnection seems to be running anyway.
Can you tell me what i may be doing wrong?

Thanks for the update mate. I find that there is one other method to connect other than the sever side script proxy method which is to use the Facebook Javascript api to proxy the calls. This would reduce any load on your own server and just pass queries and results to and fro the swf to facebook. I guess it is heading back to the old days.

How do you fire the FB.login function with ExternalInterface? When I try to do it, the popup with the fb connect doesn’t show up because it doesn’t get fired by a clickEvent in js, how did you get around it?

I’m weeks away from launching my app on Facebook and this info is very helpful. It’s a shame it all has to be so hacky. I’d love to see someone publish a straightforward tutorial or best practices doc. Seems like the JS api and external interface are still the way to go.

I’m not sure if it’s a load balancing issue or what, but it has now gone back to secure=”true” for me on all of the connections I’m trying. Seems they’re having some problems with Tuesday’s release so it it may take a little while to cement this fix.

Chris,
try clear https://graph.facebook.com/crossdomain.xml from your browser cache
for now it contains <allow-access-from domain=”*” secure=”false”/> for me … but it may be that there is an old version of .xml somewhere in network heaven

Yeah, it’s not a caching issue – from work it’s now updated to “false”, but from my home it’s still “true”. I think the only sensible solution might be to have a version that can switch between JS and AS calls, just for future proofing as far as possible. Which is annoying!

For some reason the javascript function doesn’t seem to be calling the confirmConnection function (getting a null token value when I trace it out from inside the class). I did everything exactly as you did up there w/ swf object…any ideas?

Hi Nick,
– first please clear browser cache and let me know if this example works for you, if not tell me what browser you use
– download latest http://classes.yoz.sk/sk/yoz/net/FacebookOAuthGraph.as class and copy latest application code (change clientId and redirectURI), define all the necessary settings for your facebook app
– upload your app so callback.html and .swf file and wrapper file are on the same domain
(as defined in facebook settings) now tell me what works and what do not, does the popup open? does it close itself after success auth?

I’m trying to load alot of profiles pictures for a Flash Facebook game, do I reference all thru individual calls to /{uid}/picture and load them with ByteArray, or … can i load them like I would load external pictures normally

I am new to flash/as3/xml.i am trying to understand the code.i am trying to create a button when user clicks on it message will goto their feed.can you please tell me in steps like how to run this code from flash cs4.

@greeshma you should follow the actionscript code used in the example, it is more less the shortest possible way to achieve what you need.
1. create facebook instance and check for saved token
2. use user interaction (mouse click) to dispatch popup via facebook.connect() – user interaction needed so blocker will allow your popup to open
3. prepare a listener for FacebookOAuthGraphEvent.AUTHORIZED that is dispatched after callback
4. now you are connected (access token defined)
5. use facebook.call() function to do whatever you want

@Jessica There is no need to change the code of FacebookOAuthGraph class, if you need changes, please extend it with your custom class, I made all methods in public or protected namespace so there should not be problem with it. PopUp blocker does exactly what you have described, it block popups that are not invoked by user interaction, you will not make this work but you dont even need it!!!

when using canvas page (i suggest iframe):
– before generating flash, redirect from your html (via javascript or php) to authorization urlhttps://graph.facebook.com/oauth/authorize?client_id=XXX&redirect_uri=BACKTOMYHTML&type=user_agent&scope=XXX
– when it returns to your html it contains access_token (same as our callback.html)
– now it is time to generate flash and pass this token into your flash via eg. flashvars.token
– in actionscript handle flashvar params and pass token into facebook.confirmConnection(“#access_token=” + token)
– now you should get connected

in my case i totally dropped the as3 api and just use this handy class for the new extended permissions, what i’m missing now is the initial setup (verify login, redirect to login, check permission). also i would love to integrate the js sdk into this, because i still prefer having popups when posting stuff to a user’s wall instead of automatically doing so (even if the user granted his permission to do so).

anyone sucessfully this class and the js sdk via external interface already? if the user is logged in via opengraph, do i need to re-login him via the js sdk? is it the bad facebook documentation or is it me that’s causing this confusion?

hi lars,
thanks for your feedback
– what exactly do you mean by “i do not get permission popup”? is your popup blocked? or does it close itself in a second? I use chrome as my main browser and do not have any problems with it. once you grant permissions to the app, you are not asked to regrant them with next login (facebook behaviour)
– I know there are some things missing in the class, that is why its meant to be abstract. It contains just the minimal working code by purpose. I have left a lot of room for extending there, eg. to verify login override confirmConnection() method, add some simple call (me) and handle the result (or error)… there is a lot of things everyone needs to handle differently so why making this code any longer?
– I would also like to hear someone mount this class with js. if so please let me know. I guess the js makes the same api calls (with access_token), so to push token from flash to js (or vice versa) should be enough to make them work both

no popup blocker on chrome or safari. it seems there’s an js error on the ext interface call. actually i’m logged in on firefox and try chrome and safari while the logged-on-session in firefox is running.

lars, does my example work for you? if so, please follow all the steps one by one so your app will get also working. I do not have safari but this seems like xss, you may have bad callback url defined or something like that.

Wow.. now it seems that facebook is changing the crossdomain.xml file at random.
I am developing a login function for a site using your code (great stuff, btw – thanks!), but suddenly it got unstable.
When I checked the https://graph.facebook.com/crossdomain.xml file, is’s changing at random for a very short time (1-2 seconds), removing the ‘secure=”false”/’ part, so that https would be needed.
I REALLY hope Facebook will stabilize this.
Just thought i would post this comment to help explain the problem to anyone experiencing the same thing.

Can you help me figure out a way to log the user out with a function in flash?
I can’t figure out how to call the javascript (FB.logout) needed to do this. So when I try to use the login a second time, there is no way of changing the user, without logging out of facebook in another window, or deleting the application permittoin in facebook.
It would be great if you could give me a hint fro this!

Hi, thanks for the quick response!
I tried clearing the SharedObject allready, but it did not seem to work. I’ve not worked with this before, so I might be doing something wrong.. Here is my code, I have tried a bunch of different stuff, to see if any of it works, but no luck:

I put the code inside your class (sorry for the mess). But it seems like the reference to the token is still there, as it logs me back in automatically when calling the connect method again. The before/after trace tells me that the tokens are gone after clearing.
Any ideas?

@Morten
now I see what you are trying to do. There is no logout method in graph api (as far as I know), you can logout user from facebook using javascript api:
FB.Connect.logoutAndRedirect(“http://mydomain/logoutcallback.html”);
or logout in another window (as you have mentioned)

@znt, @ancle now I see what is the problem, facebook changed rules again. I have removed and readded my app and I also see empty arrays for me/photos. Now, it is time to introduce “user_photo_video_tags” permission. I have already added it into my app, so please remove your browser cache, refresh app and click connect button (even if you are connected) and grant the permission, results should be ok again

I can only confirm it working with users own albums.
Haven’t figured out how to – 1, send image bytearray via “/feed”, only the string gets passed to your feed.
2 – you will get a “stream error” when trying to upload images to a fanpage’s public gallery.

Thks a lot, i have already founded and i was back to post these informations about authorization.
Some of authorizatios about profil
user_location ,email ,user_relationships, user_religion_politics, user_birthday, user_photos ,read_stream ,user_status, user_about_me”…….

The good news is that someone posted a working solution to this(answers #13 from jasek2)that consists on having an index.php which only function is to make a redirect and having the rest of the application in another folder, the redirect uri MUST be to that folder, e.g. http://apps.facebook.com/appname/callback/ .Then you can retrieve a var called ‘code’ and ask for ‘acess_token’ using your ‘code’,’client_id’, ‘redirect_uri’ and ‘client_secret’. Once you get your ‘acess_token’ you can send it via flashvars to the flex app. This is how I did it, it’s a mix of Jozef’s exellent app and the solution of facebook forum:

—–
This is working for me BUT on the same thread on facebook forum (answer #21) someone is asking about how safe is to pass the client_secret on the url. I have the same doubt but I see no other way to get the acess_token. Even facebook suggest passing the client_secret on the url here http://developers.facebook.com/docs/authentication/ :

* After the user authorizes your application, we redirect the user back to the redirect URI you specified with a verification string in the argument code, which can be exchanged for an oauth access token. Exchange it for an access token by fetching https://graph.facebook.com/oauth/access_token. Pass the exact same redirect_uri as in the previous step:

This is a very helpful class and much better than the old way of doing things. It seems I have a problem, however. I get the following error AFTER the authentication goes through:

Invalid redirect_uri: The Facebook Connect cross-domain receiver URL (http://randallknapp.com/aliens/callback.html) must have the application’s Connect URL () as a prefix. You can configure the Connect URL in the Application Settings Editor.

and in my application settings, under Authentication, my Post-Authorize Callback URL is “http://randallknapp.com/aliens/callback.html” and when I call the connect method of your class I set redirectURI = “http://randallknapp.com/aliens/callback.html”.

Found an error or maybe its just me. Click Connect -> when the facebook login pop up appears click cancel..

Error: Error #2101: The String passed to URLVariables.decode() must be a URL-encoded query string containing name/value pairs.
at Error$/throwError()
at flash.net::URLVariables/decode()
at flash.net::URLVariables()
at sk.yoz.net::FacebookOAuthGraph/hashToToken()
at sk.yoz.net::FacebookOAuthGraph/confirmConnection()
at Function/http://adobe.com/AS3/2006/builtin::apply()
at flash.external::ExternalInterface$/_callIn()
at ()

[…] graph api integration into your flash app. Before continue reading, make sure you understand the previous article. Due to huge interest, I am adding codes that makes your flash app working with graph api within […]

Just FYI, I don’t know if anyone figured this out yet (didn’t read through all the posts). I noticed that some people seemed to be having an issue with the events. From what I can tell, the event may be getting fired before it is listened for.

all that i needed to do was add a couple extra (optional) params to the call function so that the listener can be added to it prior to the event firing. There are a couple ways to do it, this was just the quickest for me to get going with.

Hi folks. I’m seeing some issues regarding the public and protected namespaces for the token and authorized vars. I’m assuming this is set up for FLEX only? Also, I know this has seen quite a bit of activity (for obvious reasons) over the course of the couple weeks, and if anyone has an AS3 only based example using these awesome classes that would rock!

I have one problem though, I’m trying to detect if a user declines(presses cancel/don’t allow) in the facebook-allow-popup. I noticed there is an UNAUTHORIZED-event in your eventclass but is is never dispatched. I tried to deduce where to dispatch it myself but I couldn’t figure it out.

Hi Carl,
1. when user clicks cancel confirmConnection() method is called with empty argument – catch it there
2. you are right, I did not implemented UNAUTHORIZED dispatch. I think graph API does not support logout method, but you can use “auth.logout” method from REST API. try something like:
facebook.call(“method/auth.logout”, null, URLRequestMethod.GET, null, “https://api.facebook.com”);

Does any one ever tried to implement a button the button with this example. I getting desperate with this issue because i trying to render some xfbml on my html page, but nothing is being showed.
The code i trying is …

On line 031 of your example, you are referring to a variable called parameters in your autoConnect function, but this is undefined. What should I put here? I hacked it to work but I’m getting a popup after the user has connected, trying to avoid this. Thank you.

@Jozef, thanks a lot for your feedback. it’s weird because i just renamed the classes. All other method are still working fine just the binary one is having problem. But anyway i downloaded it again and used the default name and it worked. Later i will try to figure out what could’ve happened with my code =)

Hi Jozef:
Is it possible to use the Graph API to “like” a page via AS3? The issue I’m encountering is that my site is completely Flash based while the only utilities provided by Facebook are HTML/Javascript (e.g. their “Like” Button).

@jag, you can not use graph API to like stuff, there is no method for that. even by testing like request:
href: http://www.facebook.com/pages/***
node_type: page
edge_type: like
page_id: 12345
action_text
now_connected: true
nctr[_mod]: connect
post_form_id: 123ABF***********
fb_dtsg: TAfAJ
post_form_id_source: AsyncRequest

Hi John, the dialog you are refering to, is a part of facebook javascript sdk. I do not use js sdk in my class, its pure actionscript. If you want dialog box, you are free to create one inside your flash app, with your graphics, your text input etc.

Hi Ben Bee, to make it work locally, please read http://blog.yoz.sk/2010/06/extending-facebookoauthgraph-class/ and advanced callback part. I have fixed link to Callbkac.swf, thanx for noticing that. Now I read your next post, do you have problems with LocalConnection? What OS / flash player you use? In mac + 10.0 is LocalConnection somehow broken, fixed in 10.1…

Hi
Really cool classes =) Though I have wierd problem using the MultipartURLLoader to upload a image to an album. I get Sandbox violations #2048 error. I don’t know what is missing because the FacebookOAuthGraph loads both the http://graph.facebook.com/crossdomain.xml and the https://graph.facebook.com/crossdomain.xml. I don’t get the error trying to get autorization or when I want to use the FacebookOAuthGraph::call function to get and set user data in facebook. I don’t know if it has something to with sending a bytearray and new retrictions from the flash player itself? I am currently using Flash debugger version 10,1,53,64.

Hi guys. That method seems to be promising. However from time I’ve got Flash 10.1 installed. Very often I see Security Sandbox errors when I am dealing with .NET services and I’ve noticed here as well.

I solved the problem when I got a message from Sean. The problem is that I did not set the url correct and got an “unvalid path string” error, as you said yesterday Jozef =) I was trying to set up a new album to anything with the API. But when I changed the URL to me/photos instead of just blank everything worked in both IE Flash player and the debugger player Firefox. Why it did worked in IE player before I can’t explaine. Here is the code that worked for me.

Hi Jozef, thanks for your response, was hoping for a solution.
Anyways i have another question, regarding the implementation of autoconnect, where did u declared the variable parameters? or what values should this variable have, thanks in advance.

Im using the flash IDE for my project, and i dont see where in your flex code its declared, i would like to be able to autoconnect if you already have a access token.

Hi again Jozef thank you for your replies, i noticed that u added that to your flex code, but im still having trouble making it autoConnect, is there a way for me to retrieve the parameters.session object variable with your class, maybe a method?

i noticed when i open your app, in a new window you have flashvars = { }, since there is nothing there flash just throws an error saying its undefined or null, and locks.

Thank you very much for this class, i hope there is some kind of solution, oh btw im kinda looking for a way to force a “like” within flash hehe, when i have it ready ill share the method.

Thanks not only by the great library, but also to explain how auth works with the new Facebook API.
I’m using your library now, to build a feature where users can download a wallpaper composed with profile pictures of friends.

But when I try to draw the bitmapData I got the error:
“SecurityError: Error #2122: Security sandbox violation: BitmapData.draw”

Hi Jozef,
Thanks for your quickly reply!
I’ve tried to request the crossdomain.xml file, but it doesn’t work.
But then, I’ve created a proxy php file to load the image from that address and works.
It’s not a good solution, but I’ve no more time left to research more about this subject right now.
Later I’ll check this out and post the result here.
Thanks!

Thank-you so much for your tutorial and scripts. They have been so useful for a project I have just completed! Just wondering if you have every taken the code 1 step further and made the popup a modal, rather than a new window (Facebook Connect style)? Thanks again!

I tried your example and i receive this error…
{
“error”: {
“type”: “OAuthException”,
“message”: “Invalid redirect_uri: The Facebook Connect cross-domain receiver URL (http://www.mysite.com/fb/callback.html) must have the application’s Connect URL () as a prefix. You can configure the Connect URL in the Application Settings Editor.”
}
}
Any idea?
Thanks in advance!
Best regards

After calling connect() the callback funtion confirmConnection is fired.
But as far as I can see that should call verifyToken() which in turn should call verifyTokenSuccess() which should dispatch the FacebookOAuthGraphEvent.AUTHORIZED event.

But I’m not getting that event.
verifyTokenSuccess() doesn’t get called ?

Torben does your browser open new popup window when clicking on connect? this popup opens facebook and after successful verification calls your callback.html where is the javascript that calls verifyToken(). does this happen to you? does it happen for you in my app? if no what is your os and browser. If this works for you in my app and does not in your one, please makse sure to read whole article again, there must be something you are doing wrong. There are many questions answered in faq and other in comments. Please go through the stuff and you will get your issues resolved sooner

Torben, search IOError in this page and you may find your answer…, even in FAQ:
This example app works with Internet Explorer, but my one results in Error #2032
Please complie your app to Flash Player 10 (or later). It should fix this issue. Credits goes to Garcimore , thnx

Compiling the app to flash 10 didn’t work for me.
I’ve been checking this page regularly in the hope that someone has stumbled upon the same issue and found a solution, since the bug filed in facebook is kinda abandoned

first thanks for sharing this! Real good work! I already extended your Class and Implemented several Facebook graph features. Everything works quite fine as far as Facebook let you interact. But there is one thing that works different in every App I created to your Demo: My Access Token expires after I log out of Facebook and your Token keeps on working. My Tokens worked for 30 minutes after log out when I switch the App mode from Web to Desktop and certainly longer when I add the offline_access scope. But you don’t ask for offline access and It keeps on working for hours.

Thanks Jozef, this is great work. Being a bit old school, I’m not much of a Flex developer and I was able to convert most of your example so it would work using the Flash IDE. However, I can’t seem to figure out how to retrieve the hash confirmation string back from the callback.html popup. Would you have an example that works just through the Flash IDE? Appreciate any help you can offer.

@Dionysiusm thnx, I guess facebook does not unvalidate access_token that fast after logging out, in this class the token is persistently stored in sharedobject, and while facebook api responds with a valid result (for this token) your app may not notice your logout

@Jason Redhawkm thank you, please download latest FacebookOAuthGraph, its compatible with flash authoring tool compiler. http://blog.yoz.sk/examples/FacebookOAuthGraph/cs.as … in general, when clicking on “connect” button, actionscript injects javascript into wrapping html. callback holds reference for its opener (wrapping html) and is able to call the javascript function that pushes hash back into the main flash, make sure to have allowScriptAccess and name + id attributes for flash.

Thanks for your reply. Thats how I proceed actually because I’m extending your class. For testing purpose I created a button wich always do the same call with the sharedObject Token. As long as I’m logged in everything works fine, but as far as I log out I’m getting a “400 Bad Request” response. The same call keeps on working in your Demo App above.

I really have no Idea why this is happening. Maybe its some app setting thing.

My application suddenly started to work on IE after no change from my part, and I almost threw a party… but it didn’t take long to find out it only worked for my own user.

Then I came back here and saw you shared your application settings, thanks! But I tried them out and they did not help.

Now I noticed it has nothing to do with broser version or flash player version. The application works on the same machine for user 1, but it doesn’t work for user 2.

The only differences between the two accounts are:
– id for account 1 (working) has 9 digits, while for account 2 (not working) it is longer, 15 digits
– account 1 (working) is the application developer, account 2 (not working) is not, but the app is not in sandbox mode (I’ll try adding someone to the developer list to see if it works)

Seems more likely that the problem is in the id length, what do you think?

Hi again Jozef thanks to your class i have solved so much on this FB graph project im working on, but now i got some kind of an issue with Macs, seems the authorization popup window never loads for ppl on a mac and probably behind a firewall, do you have any idea why this could happen?

Works perfectly on any PC, but when its loaded on MAC, it seems to try to connect for a long period of time ending in not being able to connect at all.

@Carol do you have issues with the app also with other browsers than ie? Long (64bit bigint) ID could be problem while actionscript uses 32bit integers, but IDs are handled (e.g. returned from /me) as strings so it should not do any harm

I have tried your example application from here: http://blog.yoz.sk/2010/05/facebook-graph-api-and-oauth-2-and-flash/. The login works, but the label near the connect button will remain “not connected” even if i copy paste the access token in the hash textbox. The verifyTokenSuccess function will be NOT called. I am new in Actionscpript. The application runs in adobe flex bulider. I have debugged it, after clicking the “add hash” button, the acces token is good, this function: function(event:FacebookOAuthGraphEvent):void
{
EventDispatcher(event.currentTarget)
.removeEventListener(event.type, arguments.callee);
verifyTokenSuccess(event, token);
});

never runs.
I didnt change the application id (private var clientId:String = “268718683475”;), I think this isnt a problem.

@eva I am somehow unable to reproduce this issue, I am using xp/ie8 and authorization process is smooth (eva is win7/ie?). Did you click allow button on the opened facebook popup? Could you test it on another facebook account?

@John you are welcome. make sure you have correct settings http://blog.yoz.sk/examples/FacebookOAuthGraph/settings.png , if the issue remains it is facebook/ie8 related and I am unable to handle that from flash player, some apps works, some do not, some works for some users only… Flex vs. Flash does not behave different in this context.

I have a swf that publishes a game score to the user’s facebook wall.
In Safari, it behaves perfectly. I’ve already added a javascript timeout for the confirmFacebookConnection(), which made it work in Firefox, but Internet Explorer still gets stalled on the callback.html.

Has anyone had this issue and resolved it?

Would there be an issue with loading the swf from a Content Delivery Network, instead of having it sit in the same directory as the callback.html?

Hi @Tryg, if your original html wrapper for main.swf exists on the same domain as callback.html, the javascript should be executed without security issues. I did not tried it within different directories:browsers, but I believe it does not violate crossdomain. Does my example work for your IE? .. If issues persist, try advanced callback from http://blog.yoz.sk/2010/06/extending-facebookoauthgraph-class/ . If you tell me where the flow collapses (javascript/actionscript line?), I can tell you wheter it is related to the facebook IE bug or not. Even if it were not related, your votes are very useful thank you

Yes, I only experienced the problem in IE and long ids…
A Facebook employee sent me a proposed fix (where I sould use POST instead of GET for all requests). I thought it would work, but I still get the error with long IDs. =(

Not sure if this will help anyone else, but I was facing a huge problem with IE 6-8. My flash iframe app just wouldn’t connect to retrieve the access token. After hours of trying, I just tried changing my app settings. Under migrations > OAuth 2.0 for Canvas (beta) > disabled. Amazingly that fixed everything.

hi, i am in big trouble. i need help with session .logout() it is not working. how do i make this work
facebook.call(“method/auth.logout”, null, URLRequestMethod.GET, null, “https://api.facebook.com”); it is not a website it is an air application. i want users to be able to logout to other can login. i use desktopsessionhelper and is there a work around using the clear() flash cookie. i want when i user logout he needs to loginagain. but here it justs login without asking for username and password.

Hi, tkx for all those precious informations. I have a question though:
do you have any idea of how to get that same application that you have here in a tab ? (profile tab or fan page tab)
The facebook documentation explicitly says that they need the user to make an action on the tab to actually allow us to get user id for example. When loading a flash movie in a tab, the user has to activate it in order to use it (needed action from user), but I can’t find a way to use the facebook api the same way you are doing here in an application tab.
If you have any idea or clue, plz feel free to drop a line. I might be totally “wrong” or blind but I just can’t get it to work.
tkx!

hi shammi, what exactly is desktopsessionhelper? you can not make user login on your site, there is no such api method “method/auth.logout” in rest api. however you can subscribe with javascript sdk to FB.Event.subscribe (auth.logout) but my class does not use javascript sdk

Jozef, tkx for your quick answer, I found the “problem”, I got a session_key instead of a token, just had to activate the “Canvas Session Parameter” in the migration tab of the application parameters form.
tkx again for your support.

hi, i dont have to wory about logout anymore i am using ur api now. i had to delete all the code of reset API . which stoped working two days ago.
now my only problem is i want users to upload picture to a specific album.
the MultipartURLLoader i am using an air application and i get stream error.
albumid = 214446590807
when using https://graph.facebook.com/album_id/photos?access_token=djfjdsjjf

yea everything good now. i am able to post it to a specific album https://graph.facebook.com/“+ 312707920807+”/photos”. every one use the graph API it will solve all ur problems relating to empty album data and logout.

[…] It does not provide login authentication as there are many other libraries available for this purpose and really…why re-invent the wheel? Some great examples are from Big Spaceship and Jozef Chúťka. […]

rather than opening the logout in a new window I’m opening the logout url in an iframe named _logout, this iframe size is just 1×1 pixel.
So once you call this method a token in shared object will be clear and Facebook login session will be clear too.

@PVieira picture url is static “me/picture” for current user, “{user}/picture” for any other user. I suppose you want to save picture bytes (image)… hm… I guess it will not be possible directly (you do not have crossdomain.xml access) and you will need to use server side proxy to download the image

Hi Vincent, facebook managed to block its content within iframe, if you try to load facebook inside any frame/iframe, the content will be hidden or “disabled”, its because of clickjacking attacks (my best guess)

Hi Sandi, in case of fails, what is the server response content? Or does it throw flash player exception? Facebook API has limits but it raises with your fan base (user count), I personaly never hit one… If you are not about to crawl the whole facebook database I believe you can not hit limits.

I have a few question:
– if the user close the facebook login / cancel login, can we detect using FacebookOAuthGraphEvent.UNAUTHORIZED ?
– and if fail to load picture can we detect using FacebookOAuthGraphEvent.ERROR ?

Herd,
if user clicks “dont allow” button, the facebook makes following request:
GET /examples/FacebookOAuthGraph/callback.html?error%5Btype%5D=OAuthException&error%5Bmessage%5D=The+user+denied+your+request. HTTP/1.1
Host: blog.yoz.sk
… means following arguments are sent via GET:
error[type] OAuthException
error[message] The user denied your request.
you can update callback javascript to pass the error into flash and handle it from there

I am not sure now, how would graph api request fail response look like, but generaly yes, debuging fail response may help you to be able to catch it and handle it (via extending my class) to work correct way for you

Any ideas on oauth via a desktop AIR application? For the purposes of a kiosk I cannot use pop-up which are standard on with the Facebook_library_with_AIRConnect_v3.4_flex.swc. I’ve been trying to connect to a facebook users page to post to their wall. Inside my air application I’m using an htmlloader making call to the facebook api and I’m having a problem with accomplishing this:

I get to login, I get to the basic permissions page… and after that I try for extended permissions but fail miserably. Any help would be great, and I have scoured the net to find help and most roads point back to you.

Hi again,
Not sure what I’m doing wrong so, I decided to start at the beginning and try the example above. So I:
1. set up a FlashBuilder Project (easy switch from Flex),
2. grabbed the classes, created a new application copy/pasting the code above
3. set up a facebook application
4. swapped out the clientId
and redirectURI(“http://s106998.gridserver.com/facebook/callback.html”) to the app and callback on my server
5. upload everything to my server, ran it and I get the following error in a pop-up.

I cant seem to get the JS bridge to work. It looks like Facebook is passing back the # parameters to the callback html, but then flash never gets notified. Do you have a zip of all these source files somewhere for download?

@tom sory I have no .fla file, but library will work for flash cs compilator

@Eric, Hi all files necessary are in the article, do you mean that your callback.html does not work for you? what is your browser/os? can you debug javascript or actionscript and see where the process fails? try read some comments for this post, there are some issues mentioned…

Jozef – In regards to the flash IDE side of things, and pop up blockers – i have some information that might be of use to you, and others.

Safari on Mac (wrongly) ignored the ExternalInterface call to open a new window. Its a well documented bug, and avoidable by using the navigateToURL function. The only problem is you need to know if you are using safari or not, or else just open the window with the external interface (blank) and then target it with the navigateToURL(urlRequestVar, ‘myWinName’).

You could have some js in your page to be called with an externalInterface.call , but keeping with the closed style of you facebook class – i suggest you add in the following (not foolproof but its better than nothing)

As a side note to this, its worth noting that these have to be triggered by a method that captures a mouse event.If for example, the function is triggered on the result of a data call – think zendAMF or a an image load (basically something that requires time to process) the external interface call will fail silently. In this case you would need a prompt to continue.

The second problem that you face with Safari on OSX deals with the problem of callbacks from another window. It seems that safari does not keep the relationship of parent/child – and window.opener will always == null. I have tried in vain to fix this with js, but im not very experienced that way. I tackled the problem a little differently (to save space i will describe it here, if anyone wants the code just comment back)

basically i rig up a callback.swf that has a list of all the callbacks i want to use on my site. I embed this on the callback.html page. When the swf loads, it uses the external interface to check a dummy js function to make sure javascript is ready. If it is false, a timer is set up to ping the js. Once javascript ready condition == true, i external interface call another js function that returns the method name i want to use as my callback.
In flash i have a localConnection set up with the main flash app, and my callback swf. The callback.swf has the method name, and then performs the method (with any arguments) across the local connection.

So far it has been a rather nice solution to a frustrating problem that only safari osx seems to suffer from. And finally – thank you for the great code. It has helped me flesh out my flash app very n icely.

Hi @Beans, thank you for your instructions and solution. I have added it into FAQ section, I think this is really useful to know, I never used this class on mac-safari config by myself.
Did you tried my advanced callback “Advanced Crossdomain Working Authorization” on:http://blog.yoz.sk/2010/06/extending-facebookoauthgraph-class/

I was thinking about making a popup-confirmation when posting to wall like the one you get from the fb javascript sdk. So i’m trying to do this in the same way you did the authorization window, but haven’t quite gotten it to work.

Hi @Cechise,
1. you are using flash, you have free hands to do any UI you want with your custom graphics etc. or
2. you can use javascript sdk or
3. you can sharer.php in popup – http://www.facebook.com/share/

Donny I am not sure if I am getting this correctly, are you trying to be able to connect to facebook via flash feed post? like when running youtube video from feed and somewhere inside this flash a button to connect? yes it is possible, however, you can not use javascript popup but navigateToURL() into new window, than use advances callback, so user gets access_token via NetConnection (advanced callback http://blog.yoz.sk/2010/06/extending-facebookoauthgraph-class/ )

@david, yes you should use autoConnect() inside init() (see line 33), it works with 2 sources:
1. stage.root.loaderInfo.parameters (if you pass access_token via flashvars, used with iframed facebook app http://blog.yoz.sk/2010/06/authorizing-iframe-facebook-applications-for-graph-api/ )
2. ShaderObject data – previous working token is autmaticaly stored and used by autoConnect()
… you may want to require “offline_access” extended permissions so your stored tokens are valid for a long time

Any way to make this retrieve the contents of a fan page’s photo album? I mean the user posted images to the fan page, not the official fan page photos. A lot of people would use this if you could make it happen.

Hi Bill,
thanks for your code, I suggest you do it using the “override” way ( http://blog.yoz.sk/2010/06/extending-facebookoauthgraph-class/ ), I am just checking my session parameter and it seems like it is encoded correctly as it should be – once, when value passed into flashvars (via javascript), the variable parameters should containt decoded – raw value… but if that was an issue in your case I am glad that you made it work…
Anyway I recommend to use charles proxy – great tool for debugging this kind of things (requests/responses/data etc.)

@Kirk, you can post images directly into page album, and you can also grap photos from this album or from an album of any user if correct permission granted (user_photos) … later it is no problem to get album content via https://graph.facebook.com/ALBUMID

I have the same problem like : markval (on June 22, 2010 | 01:11)
and can’t seem to be able to override it, although I use a SecurityError Listener. I push all the rawData (of the user’s friends) in an array and then load them serially.
If an avatar picture is missing none of the avatars is loaded – got a clue why?

I’ve developed an apps in facebook.
Three weeks ago, it worked perfectly but since 2 days ago, it goes wrong. It is always loading and refreshing over and over again.
Here is my code to connect to facebook:
public function loginToFacebook():void
{
_flexVar = Application.application.loaderInfo.parameters;
facebookSession=new FacebookSessionUtil(_flexVar.fb_sig_api_key, null, Application.application.loaderInfo);
…
And these are the errors that I got, actually it’s not error message but address of web the facebook loading and refreshing over and over again.
Please help me.

Background:
– My App is generally able to connect with facebook and execute calls like the following
facebook.call(“method/fql.query”, data, URLRequestMethod.POST, null, “https://api.facebook.com”);
– But, my config is incomplete aka faulty, that is why I have to fetch a access-Token by hand, when I want to run the app outside of facebook. And, what baffles my most: When I add permissions (like create_event, manage_pages) the app aka facebook still does not asks me for allowance.

Hi robrob,
I guess https://api.facebook.com/method/stream.publish does not for you is what are you asking me to help you with? Can you debug/trace the response from facebook on your call. Than we can move forward to investigate this

1. Is it correct, that opening the pop-up inside Facebook can only be executed, if it is triggered by the user clicking. Because right now it does work local, but not on FB. I thought I read something similar on here, but can’t find it anymore.
2. Is it correct, that the External Interface call isn’t handled by safari browsers.

Can’t thank you enough.
On that note: Where is your donate button?
robrob

as there is a clear statement to the second question of my previous comment, I would like to restate my post as follows

————————————
Hi Jozef,

I am making progress, but still have some rookie questions.

1. Am I assuming correct, that if everything is setup correctly, the user has to give permission only once and afterwards permission will be given automatically, without any need of user-action?
2. Is it correct, that opening the pop-up inside Facebook can only be executed, if it is triggered by the user clicking? I am asking, because I added an event-listener for FacebookOAuthGraphEvent.Error and tried to launch the External-Interface automatically if the user hasn’t authorized the app yet. This works local, but not on FB. (I thought I read something similar on here, but can’t find it anymore).

Still can’t thank you enough.
And again: Where is your donate button?
robrob

You may want to open popup without user interaction, there is no restriction within my library. What restricts your pop-up to be open is popup blocker (browser plugin or browser native behaviour), you may try to open new window via navigateToURL but based on browser blocker this action may also be prohibited from being called without user interaction.

If your user connects with your application, he receives token valid like 30 minutes (I guess), this token is saved into SharedObject that persists on his pc. Next time he comes into your app, the lib first try to use the stored token if it succeed you are connected else he have to click connect again. In order to make the token valid for long period of time (unlimited) request “offline_access” permission with scope parameter.

There are more safari users complaining about some javascript behaviour, please go through the blog comments here to find the solution. If you dont find any, try asking again, I am not sure I understood the issue

So, do I get it right, that
1. The user has to click a button every once in a while, to let the app establish a connection to Facebook?
Except if I ask for offline access permission, which itself gives not 100% guarantee, because the shared object can get lost if a user shout his Pc?

2. If a user logs in, logs out and logs in with a different account, he will be treated as the first user, unless I implement some logout logic, which flushes the shared object?

1. exactly. But if user keeps communication with his token on graph api he will not get unconnected anyway. I guess offline_access gives you good guarantee, I did not tried it any longer but it lasts more than a month for sure. Docs says:

“offline_access Enables your application to perform authorized requests on behalf of the user at any time. By default, most access tokens expire after a short time period to ensure applications only make requests on behalf of the user when the are actively using the application. This permission makes the access token returned by our OAuth endpoint long-lived.”http://developers.facebook.com/docs/authentication/permissions

hi i am unable to know what i need to put in place of id. also i am not able to get the access_token. i don’t know why. i do not see any code in java script which will call jsConfirm inside flash do i need to provide the id for flash object in your FacebookOAuthGraph.as class?

i am making in in flash Professional and html page has javascript.

if u can explain it would be great. after i log on to facebook what happens how does your code get the access_token after i see the message ” You may now close this window.” thanks for you help

Hi Jozef,
Thanks for the article.
I am using the GraphAPI and a canvas based application.
I would like to get a list of my friends who are using ‘this app’. is there a way to do this with the GraphAPI?

hello jozef
if the window “You may now close this window” does not close on it’s own. is it a cross domain issue. actually instead of adding the callback.html file to a domain i called http://blog.yoz.sk/examples/FacebookOAuthGraph/callback.html for redirect url. and also i use your client id. i wanted to check if your code can be converted to a flash application. i am still unable to understand what this line of code does.
var js:String = ”
+ ‘if(!window.’ + jsConfirm + ‘){‘
+ ‘ window.’ + jsConfirm + ‘
——
jsConfirm =”confirmFacebookConnection”
callback.html page does not close on it’s own so i do not what to do?

hi shammi, yes, it keeps opened if it is a crossdomain issue or it can not find confirmFacebookConnection() function in wrapping html javascript. this is the javascript function being injected by actionscript in the time when your popup is opened… those are exactl the lines you are asking about. you can not connect with my callback due to XSS. Read about “Advanced Crossdomain Working Authorization” here http://blog.yoz.sk/2010/06/extending-facebookoauthgraph-class/

Don, go to http://developers.facebook.com/docs/api and click me/feed link there. does that contain your data? if so you are missing some permissions with application, if not you somehow blocked your wall content in facebook settings for your account

first of all, thanks jozef for a fantastic couple of classes, they’re going to really save my bacon!

but… I’m having problems getting the AUTHORIZED callback to function at all. Code is set up virtually identical to yours and the app knows whether its connect or not (the facebook.authorized var is set to true when you would expect it) but the callback just does not seem to be called at all. I’m utterly mystified!

Hi Jozef i am a Flex 3 Developer i found this api to connect to facebook and looks great! xD
But… i’ve 2 days trying to make this api works in IE8 and… nothing…
I saw your app in http://apps.facebook.com/blogoauthgraph/ and test it in IE8 and works perfectly then try my app and doesnt works in IE8…
My app is http://apps.facebook.com/fbookauth/
Please if you now how to fix this.. help me..
thank you very much.

Hi Jozef thanks for your answer…
My app dont falls in endless redirect loop, i try to clear cache and temporary files and still dont work.
The problem occurs when i try to login… in the left panel shows checkSavedToken(), then shows connect() and never shows the label “authorized”… i try my app in IE7 and IE8 and never shows this label in FF,Chrome, and Safari works great!
I’ve debugin the class FacebookOAuthGraph.as and I found the function called “verifyToken”.. in this function never execute the code:

then… the verifyTokenSuccess never called…
I put a Alert.show(token); at begining and now in the application shows the “178299352184385|2.7rMLm_8DQxDlCd8oyRApwA__.86400.1290700800-737101097|Z2uIg0gi8-Uk2ljvXmscFmEHRVI” …
But… still doesnt work and the token is not null…

Hi Jozef, thank you for the help…. I’m still working in this problem, now i debug the application again and found in the FacebookOAuthGraphEvent.as class the variable _rawData and this var get the value “Error #2032″ only in W7 with IE7 and IE8, i was searching this issue about 3 days and i can’t fix this… i tried the headers solution putting application/json, building the application for flash 10, and… nothing, if you know something about this error please help me..
Thanks for the help…

Hi, great stuff! I am currently using your classes in creating a simple app. One question though, how do i trigger the pop-up dialog that asks users to post a message to their walls when a button is clicked inside the flash app? Thanks!

Hi kalel,
this class is not javascript api based, thus there is no popup window to be opened… you can call the publish method from inside the flash, no evil popup required. make your own graphics and form inside your flash app in order to publish comments.

Hi,
Just a small question ?
it possible to have to use this class for a flash application dropped in fbml canvas in a fan page tab, I think we can but just a confirmation from an expert will save some time.

I made fbml app with a flash inside and I have a really weird behaviour, which i think is not because of your class, I have a sandbox violation error, it doesn’t want to addCallBack to js function when i call the connect function. I have the same probleme with the official api. Thanks for helping.

I found a solution by ask for autorisation which go to my callback with the token dans then do what i want do with facebook by calling php script from flash which curl the facebook graph. Maybe there is a simpler way but the sandbox also block me when i call the graph url directly from flash. thanks for your help.

gilles thankx for the response gilles, I did never worked with fbml embeding flash much. I guess it is easier to use iframe while it gives you more freedom about how do you want to embed flash and things…

fantastic job you’ve done here
i can run your cs4 flash only version fine using your parameters supplied for callbackurl and app id, when i try to use my app id and callback html on my webserver it doesnt authenticate – i think i’ve missed something.

can you tell me “redirectURI” is this meant to be the same value the same as the Bookmark URL in the Edit Settings section for the app on facebook config page? I got the popup and permissions request fine first time app loads but doesnt seem to go anywhere. was there anything special in facebook settings ?

@mike,
here are all the fb settings for my demo app http://blog.yoz.sk/examples/FacebookOAuthGraph/settings.png
– Bookmark URL is not important for you at all
– Define Site URL and Site Domain correctly for your domain in Web Site tab
– Define redirectURI within Site Domain you defined in fb settings
that should be all the necessary. There were some comments reporting issues with connection, we were able to fix them all. go through the comments posts here using “connect” fulltext search and I believe you will find a solution.

Hi Pipe,
you can use FacebookOAuthGraph.me to read info about current api user. This value is filled once you are logged in. There is a separated authorization system in facebook for classic facebook.com vs. api. Api is token based, once you have valid tokens you can make api requests as any user not just the one that is logged on facebook.com. The token for FacebookOAuthGraph is saved in SharedObject (something like flash cookie) and is used with autoConnect(). You can logout api user as easy as remove the token from sharedobject, feel free to extend my lib with disconnect method() – search for “disconnect” in comments e.g. here:http://blog.yoz.sk/2010/05/facebook-graph-api-and-oauth-2-and-flash/comment-page-8/#comment-2001

Jozef,
how can I upload and post an image into user’s wall? As I learned from the documentation POST to /me/feed could only publish an image by URL. But I need to upload an image from user’s desktop.
Someone said that all I need is uploading by using /me/photos. But uploaded photo just saves into app’s album, with no sight in the feed.
Is there workaround for this?

fltz,
I am sorry to tell you that only possible upload with graph api is to an album. What makes perfect sense because, there is also a “Wall Photos” album for your wall uploads. So to make your upload appear within your feed do:
1. upload photo (one album will be created as default for your facebook app)
2. publish feed linking to your upload

“You are required to override the Event.clone() method in your subclass. The clone() method returns a cloned copy of the event object by setting the type property and any new properties in the clone. Typically, you define the clone() method to return an event instance created with the new operator.”

I just download your .fla version from (http://blog.yoz.sk/examples/FacebookOAuthGraph/src/cs4.zip) and build my own on local, I has been copy the access_token value into my code and publish. but Output error:
“Error opening URL ‘http://graph.facebook.com/me?access%5Ftoken=268718683475%7C2%2EvEgS2u9mUeGFAcXpPj1GVw%5F%5F%2E86400%2E1298365200%2D100000285065268%7C1ZyFjXGaxrEqI505%5FA2XBeaVyrw'”

I wonder are your .fla source is uptodate? or have any change on facebook make it not work?

Hi jozef. I m having a problem with authentification, is making an infinitive loop. When the app is trying to open. Its must be something that facebook api change because it was working until last week.

hi muudles,
I am not able to reproduce any issues, it seems like example is working correctly for me. maybe you could debug request being called to see if there are any issues with connection – response by facebook

[…] It does not provide login authentication as there are many other libraries available for this purpose and really…why re-invent the wheel? Some great examples are from Big Spaceship and Jozef Chúťka. […]

Thanks for this source !here the issue is
i implemented expectantly in flex but i will get the same will get the same window which is visible on the top . when am clicking that button it gos to the Facebook login page other button are enabled how to share videos and images in Facebook

hi PVieira,
I have not tryed it yet myself… however
“I’ve tried to do a feed with that code: attachment.description = “Friend: @[{uid}:1:{name}]”” … I believe it works only on message feeds, not attachments

i got the flash c4 source code and when i run in flash ide i got the follow message:

Error #1065: A variável com.adobe.serialization.json::JSON não foi definida.
at sk.yoz.events::FacebookOAuthGraphEvent/get data()[C:\facebook_11\cs4\src\sk\yoz\events\FacebookOAuthGraphEvent.as:36]
at sk.yoz.net::FacebookOAuthGraph/verifyTokenSuccess()[C:\facebook_11\cs4\src\sk\yoz\net\FacebookOAuthGraph.as:108]
at Function/()[C:\facebook_11\cs4\src\sk\yoz\net\FacebookOAuthGraph.as:100]
at flash.events::EventDispatcher/dispatchEventFunction()
at flash.events::EventDispatcher/dispatchEvent()
at sk.yoz.net::FacebookOAuthGraph/loaderComplete()[C:\facebook_11\cs4\src\sk\yoz\net\FacebookOAuthGraph.as:186]
at flash.events::EventDispatcher/dispatchEventFunction()
at flash.events::EventDispatcher/dispatchEvent()
at flash.net::URLLoader/onComplete()

I am using your code for facebook authantication and it perfactly run but i am faceing problem regarding facebook access token url,when we run our app on facebook we get a authantication popup .my question is you without opening the popup can we get access token.

i am using this code in flash and in flash side we call “advancedcallback.html” .can we use php side code for access token handling?if yes,please guide me how we write that

Once again i am here with my problem.actually jozef i had tried to solve the access token according to your suggestion but our team want to solve this problem in flash side completely,can you please suggest me how we get access token without open the popup.

when we run our app on crome and if my popup setting is blocked ,in this case authantication popup does’nt open and my app is autherized completely and i get my all friends information,but when i run my app on mozzila and ie browser and we blocked our popup setting, in this case our app does not autherized and we do not get any friends information,so in this case my functionality do not work and its a big issue ,that’s why i want to try to get access token without opening any popup.
if you have any solution please suggest me .

aarti, in order to get access token you must visit facebook page with authorization for your app. you can do it in popup or redirecting whole page (I would expect frames to not to work to avoid clickjacking). offline access seems to be depricated https://developers.facebook.com/roadmap/#may-2012 so user will have to reauthenticate with every new session – popup or redirect

Hi Ttcat,
you do not need to have any additional code in javascript, you can define all needed via ExternalInterface, just make “Make sure your html wrapper defines correct allowScriptAccess and both id and name for tag.”

will you please resolve my query i have implemented your code it is connected with the application but not authrized…this function not call and add hash is also not called..
so please resolve my query..

My flash code is not connected with my Facebook application. I can not resolve the error and not getting the error that what and where is the problem..
on click the connect button the window show my application on logging into the account it appears the message
“You may now close this window.”
not connected with the application..
I can’t debug ma flash application..
please give me some solution how to resolve it..

I used your above code my application perfectly run and update the status, now i want to add the additional feature for uploading the photo using the above code…
Can u send me the code to upload the photo on Facebook just like to update the status on the above code..
Thanx in advance….